◆ [Date updated: 2023/12/12(Tue) 12:33:10]
　■please unblock tor on heyuri, i can't even view posts using tor because heyuri uses cloudflare (;´Д`)
　│(heyuri shouldn't be using cloudflare either, it's a MITM/backdoor..)
　│screenshot: https://box.patchouli.moe/vsboUayK.PNG
　│
　├■Things liek Cloudflare are sadly a necessity on today's web, and a 
　││highly disproportionate amount of shenanigans has come from Tor exit 
　││nodes this year - especially recently (;´Д`)
　││
　││One or more Tor users has caused endless headaches for Heyuri staff-san, 
　││and apparently made it their mission to manipulate the site and create a 
　││worse/hostile atmosphere here. Obviously we'd rather not ban it, but 
　││it's been at the root of enough problems lately (without providing much 
　││good) that we are effectively forced to (;´Д`)
　││
　│└■Do you guys believe in the theory that cloudflare DDoS's websites to
　│　│force them to use their protection?
　│　│
　│　└■Most likely (;´Д`)
　│　　　Someone once pointed it out on Lounge too
　│　　　https://dis.heyuri.net/lounge/koko.php?res=2012#p4916
　│　　　
　├■Why does it being a MITM/Backdoor (a kind of silly claim given the 
　││context of cloudflares purpose) even matter for heyuri? Theres no logins 
　││or anything here so theres really no attack vector that users need to 
　││worry about Σ(;ﾟДﾟ)
　││
　│└■not the same anon, but doesn't that mean cloudflare views the 
　│　│unencrypted posts made by any IP? I trust kaguya to not sell my data, 
　│　│but I can't say the same of cloudflare (;`Д´)
　│　│
　│　└■Only if we use cloudflares SSL encryption. They have an option for the
　│　　│user to opt for their own encryption. In that case, they could see your
　│　　│IP (as can your ISP), but not your post data
　│　　│
　│　　├■I'm a n00b with this stuff, but I know they can automajickly maek HTTP-only servers become HTTPS cuz Heyuri★CGI is only set up for HTTP on teh server side (;^Д^)
　│　　││
　│　　││Net stuffz is too complicated...
　│　　││
　│　　│└■Yes, by default they do all the SSL themselves. They may do that for
　│　　│　│kaguya too, unless he has it configured to use his own SSL certs.
　│　　│　│
　│　　│　│In any case, I highly doubt some balding middle aged corporate execs are
　│　　│　│viewing our post history ヽ(´ー｀)ノ
　│　　│　│
　│　　│　└■I admit I get a bit too paranoid when it comes to my shota furry gangraep posts. (;;´Д`)
　│　　│　　│
　│　　│　　└■Man I should browse /b/ more often (´//ω//`)
　│　　│　　　　
　│　　└■That's good, but there are other ways for cloudflare to de-anonymize posts if they REALLY want to.
　│　　　　For example, they can simply watch heyuri posts' timestamps, compare it to their POST data log, and look at the IP address.
　│　　　　
　└■User: Puchiko
　　　I hate cloudfare as well, I hope it isn but temporary (;´Д`)